One of the largest banks in Australia (Westpac) used to require passwords to be exactly 6 characters (no more, no less) and they were case insensitive. It also had a fun 'denial of service' attack built-in: If you got it wrong three times, it'd lock the account and force you to go to the bank to unlock it, meaning anyone that knew your bank username could lock you out of your account and cause some pretty big headaches. Fun.
In fact, I'm not sur whether they ever fixed this. Haven't used their services in a long time.
My employer software has us log in with just our password, no username. I don't know exactly what's going on in the backend but I know I don't like it.
The highly regarded password policy of my last employer was one of the many things that pushed me over the edge and made me leave for greener pastures. I had to manage something like 9 different passwords, with the main one having changed to 16 chars min with all of the usual number/symbol/CAP requirements.